Commit Graph

36855 Commits (f48e4363f5b521ee557250e4ad0d8dddeb962321)

Author SHA1 Message Date
BAZIN-HSC 070a156925 -Recovrey +Recovery 2015-11-27 13:58:19 +01:00
Jon Cave 0c8eb6fb37 Display ReverseListenerBindPort if it is set
ReverseListenerBindPort overrides LPORT if it is used. The `listener_uri`
method should use the output `bind_port` to account for this.
2015-11-27 09:16:20 +00:00
Bigendian Smalls 9bcbd12407
Updated spec for mainframe rev shell 2015-11-26 21:34:27 -06:00
wchen-r7 c888726a1a Fix #6287, check DisablePayloadHandler value in exploit.rb
It looks active_module datastore options are always strings. They
are actually different than what the module uses (normalized), so
we have to always have to check it.
2015-11-26 18:30:31 -06:00
Bigendian Smalls d2bfc4d8e0
Added reverse shell payload for Mainframe
This is the first and probably most useful shellcode for mainframe
platform.  Standard reverse shell works just like any other platform
reverse shell.
2015-11-26 17:07:03 -06:00
Brent Cook e5119e6446 use payload_uri's result to derive lhost / lport 2015-11-26 15:21:51 -06:00
Brent Cook 216119c05c unfold override lhost/lport logic 2015-11-26 15:15:21 -06:00
Spencer McIntyre 1b495e73ac Further reduce python reverse_http duplicate code 2015-11-26 14:31:00 -05:00
Spencer McIntyre bd25ffa48c Consolidate py reverse http uri code into a mixin 2015-11-26 13:32:50 -05:00
Brent Cook f4d35116bd
land #6288, fix regression using non-default port with reverse_http 2015-11-26 11:04:24 -06:00
Brent Cook eb57163db6
Land #6285, excellent new sound plugin scheme 2015-11-26 10:41:02 -06:00
Jon Cave d9655fc882 Use LPORT if opts[:lport] is undefined
`nil.to_i` returns 0 which will short circuit the || resulting in port 0
being used. nil should be checked for prior to casting to int.
2015-11-26 16:08:22 +00:00
OJ 87507e19a9 Change job view to show bind port if applicable 2015-11-26 16:18:00 +10:00
wchen-r7 ecfcdbe875 rm extra "excellent" 2015-11-25 23:49:44 -06:00
Christian Mehlmauer 920d8c6ad7
Land #6278, wrong default option for RHOST 2015-11-26 06:49:25 +01:00
wchen-r7 d44224142e Update audio files 2015-11-25 23:41:18 -06:00
Louis Sato 90fb3e0118
Land #6277, jenkins domain cred recovery aux module 2015-11-25 22:58:43 -06:00
wchen-r7 776455d10a Add another sound and event
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
Brent Cook a7a89adfac
Land #6264, meterpreter per-extension init string support, update payloads to 1.0.17
This brings in the following changes:
	Changes to support maven 3.3+
	Don't fall back to 0.0.0.0
	Remove all debug builds from the Windows projects
	Add show_mount, ps_list, and some core tweaks
	Refactor TLV layout, add more debug output, token stealing
	Add incognito binding, code tidies
	Update packaged libs
	Add transport list binding
	Add transport add command to python binding
	Update python core lib archive
	change source perms back to non-executable
	First pass of stageless initialisation script
	Finalise stageless initialisation scripts
	add BOOT_COMPLETED receiver that starts the Payload
	Improve the implementation of the getuid command
	Switch to Utils.runCommand per timwr's suggestion
	Updated init script method

also bumps msgpack 0.7.1, which fixes a failure packing messages > 256k
2015-11-25 22:27:27 -06:00
Brent Cook 78e306e281 s/Initialision/Initialization/ 2015-11-25 22:07:25 -06:00
Brent Cook d984e5c781 update payload sizes 2015-11-25 22:04:52 -06:00
Brent Cook c8461bfb24 update to metasploit-payloads 1.0.17 2015-11-25 22:03:28 -06:00
wchen-r7 7dc268d601
Land #6283, increase the amount of space needed for ms08_067 2015-11-25 19:37:25 -06:00
wchen-r7 af8c557fa9 Add the MP3s 2015-11-25 18:09:27 -06:00
wchen-r7 fa32f43ee4 Muts says "Try harder!" or "Excellent" for the sounds plugin
With the sounds plugin, muts will say "excellent!" when a session
is received. If a session is terminated (either exited or lost),
muts will say "try harder!"
2015-11-25 18:06:58 -06:00
Jon Hart 8fd2522a59
Land #6257, @all3g's aux module for locating git repos over HTTP 2015-11-25 12:25:45 -08:00
Jon Hart a56571479f
Remove WmapScanServer mixin; not needed 2015-11-25 11:38:32 -08:00
William Vu 2da9bb8578 Follow redirects in apache_userdir_enum
Found false negatives while testing a server for #6281.
2015-11-25 13:27:06 -06:00
Jon Hart a692a5d36c
Remove Platform, this should work everywhere; correct grammar 2015-11-25 11:23:18 -08:00
William Vu e56aa96a66
Land #6281, TARGETURI/full_uri fixes 2015-11-25 13:15:50 -06:00
William Vu 8f459de064 Fix tomcat_enum for full_uri 2015-11-25 11:28:56 -06:00
William Vu 38a9efe4d6 Fix squiz_matrix_user_enum for full_uri 2015-11-25 11:28:53 -06:00
Brent Cook 35ea8c3f74 relax space needed a bit less, work with Windows XP and 2k3 2015-11-25 11:25:57 -06:00
William Vu 7d17c5741b Fix nginx_source_disclosure for full_uri 2015-11-25 11:19:27 -06:00
William Vu 035882702a Fix barracuda_directory_traversal for full_uri 2015-11-25 11:18:17 -06:00
William Vu 7a5f6495d0 Fix axis_local_file_include for full_uri 2015-11-25 11:16:59 -06:00
William Vu 42d12a4d40 Fix apache_userdir_enum for full_uri 2015-11-25 11:16:22 -06:00
Brent Cook 2a89a2bc9a increase the amount of space needed for ms08_067 2015-11-25 07:13:16 -06:00
Waqas Ali c09d8031c6 Remove default empty string 2015-11-25 12:19:16 +05:00
William Vu f9d3652e1a
Land #6282, deprecated module cleanup
rm modules/exploits/windows/browser/adobe_flash_pixel_bender_bof.rb
2015-11-24 23:48:09 -06:00
wchen-r7 6fbcb3d127
Land #6263, add BisonWare BisonFTP Server Buffer Overflow 2015-11-24 22:55:15 -06:00
wchen-r7 f57ebad0e6 Change hard tabs to spaces 2015-11-24 22:54:52 -06:00
JT 9a7e51daec Update bison_ftp_bof.rb 2015-11-25 11:47:21 +08:00
JT 3d6e4068cb Update bison_ftp_bof.rb 2015-11-25 11:17:07 +08:00
wchen-r7 591da3c97e Please use exploit/multi/browser/adobe_flash_pixel_bender_bof
Time to say goodbye to:
exploits/windows/browser/adobe_flash_pixel_bender_bof.rb

Please use:
exploit/multi/browser/adobe_flash_pixel_bender_bof

Reason: The replacement supports multiple platforms, so better.
2015-11-24 20:37:57 -06:00
Vex Woo a262c6bff5 Merge pull request #2 from jhart-r7/pr/fixup-6257
HTTP Git scanner for information disclosure in git repository.
2015-11-25 02:05:30 +00:00
Jon Hart eac4f02b66
Spelling and correct description 2015-11-24 17:57:56 -08:00
aushack 3ad7ef9814 Modify the printed URL to add https:// when SSL is used. 2015-11-25 12:46:56 +11:00
wchen-r7 4e2eb7ca65 Add Oracle Beehive processEvaluation Vulnerability 2015-11-24 19:17:57 -06:00
Kyle Gray 8923252de7
Land #6259, NoMethodError in vim_soap.rb fix
We haven't been able to get the XML data that would cause the error, all we have is a backtrace. So "verification" is purely code reading. Thanks @wchen-r7

Fixes #6085

Merge remote-tracking branch 'origin/pr/6259'
2015-11-24 17:33:35 -06:00